Announcement (2017-05-07): www.ruby-forum.com is now read-only since I
unfortunately do not have the time to support and maintain the forum any
more. Please see rubyonrails.org/community and ruby-lang.org/en/community
for other Rails- und Ruby-related community platforms.

Hello!
On Sat, Apr 05, 2014 at 07:54:21AM -0400, justcyber wrote:
> How to limit POST request per ip ?>> Need some of:>> limit_except POST {
Just a side note: "limit_except POST" means the opposite to what
you ask above.
> limit_req zone=postlimit burst=10 nodelay;> }
It is possible to limit only subset of requests by using
the fact that limit_req doesn't limit anything if it's
variable evaluates to an empty string, see
http://nginx.org/r/limit_req_zone.
That is, instead of
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
we need something like
limit_req_zone $limit zone=one:10m rate=1r/s;
where the $limit variables is empty for non-POST requests (as we
don't want to limit them), and evaluates to $binary_remote_addr
for POST requests. Such a variable can be easily constructed
using the map module (see http://nginx.org/r/map):
map $request_method $limit {
default "";
POST $binary_remote_addr;
}
--
Maxim Dounin
http://nginx.org/

On Sat, Apr 5, 2014 at 3:07 PM, Maxim Dounin <mdounin@mdounin.ru> wrote:
>> we need something like>> limit_req_zone $limit zone=one:10m rate=1r/s;>> where the $limit variables is empty for non-POST requests (as we> don't want to limit them), and evaluates to $binary_remote_addr> for POST requests.
A follow-up question: are requests that hit the cache counted in the
limit_req_zone? I would like to enforce a limit on the POST requests
that actually hit the back-end; I don't mind additional requests that
hit the cache.

Hello!
On Tue, May 06, 2014 at 03:16:09PM -0700, Jeroen Ooms wrote:
> A follow-up question: are requests that hit the cache counted in the> limit_req_zone? I would like to enforce a limit on the POST requests> that actually hit the back-end; I don't mind additional requests that> hit the cache.
Limits are checked (and counted) before a request is passed to a
content handler, hence all requests are counted, both cached and
not. If you want to limit only requests which aren't cached, you
may do so, e.g., by adding an additional proxy layer with
limit_req.
--
Maxim Dounin
http://nginx.org/